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ABSTRACT 



Methods, devices, and systems are provided in a muUi-level 
computer architecture which provides improved capabilities 
for managing courseware and other content in a shared use 
operating environment such as a computer network. In 
particular, the invention provides a commercial networked 
instruction content delivery method and system which does 
not exclude synchronous sharing but is focused on asyn- 
chronous sharing. Security in the architecture provide con- 
tent property holdlers with the ability to know how many 
minutes of use an individual made of licensed material and 
with increased certainty that their material cannot be used, 
copied, or sold in usable form unless and until a user site is 
connected or reconnected to a minutc-by-minute counter 
which is located off the premises of the user. This security 
link helps protect software and other works which arc being 
sold or licensed to an individual, organization, or entity, and 
creates income opportunities for owners of such content. 
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COMPUTER ARCHITECTURE FOR 
MANAGING COURSEWARE IN A SHARED 
USE OPERATING ENVIRONMENT 

RELATED APPLICAHONS 

The present application claims priority to U.S. patent 
application Ser. No. 60/079,302 filed Mar. 25, 1998 (*302 
application). 

FIELD OF THE INVENTION 

The present invention relates to content delivery over a 
large computer network, and more particularly to a computer 
network architecture which integrates management compo- 
nents such as a reservation system, a funds flow system, a 
metering system, and a security system for preventing 
unauthorized use of courseware and other content. 

TECHNICAL BACKGROUND OF THE 
INVENTION 

More and more paintings, pictures, books, songs, other 
performances, texts, diagrams, recordings, video clips, and 
courses utilizing them for instructional purposes and/or 
entertainment are becoming available in machine readable 
forms. In particular, many computer- assisted lessons, train- 
ing materials, and other instructional courses include works 
which can be protected under intellectual property laws, 
such as visual works, audio works, texts, examinations, 
simulations, and other works. Some sensory works experi- 
enced while using computers, such as the physical motions 
performed with a flight simulator, may also be protected. 
Still other computer-aided sensory experiences are foresee- 
able but not yet commercially implemented, such as smells 
that could enhance a fire fighting course or a course on the 
detection of illegal drugs. These will also benefit from 
protection, "Computerized training", "computer- assisted 
instruction", "computer-aided learning", "web-based 
training", "intranet-based learning", "web courses/', "vir- 
tual university", "computerized curriculum delivery 
system", "courseware de! livery system", "instructional 
management system", "interactive educational method", and 
similar phrases are used by various people in various ways, 
but each of these terms refers to efforts to use computers to 
help educate students. As used here, "students" are not 
necessarily traditional students enrolled in high schools, 
colleges, universities, and the like, but arc rather people who 
receive instruction through courseware. Courseware may be 
used by traditional students, but it may also be used by 
employees of government agencies and corporations, for 
instance. 

To better understand the present invention in the context 
of existing computer-assisted educational efforts, it will 
helpful to understand certain distinctions, including without 
limitation the following: 

Course authoring vs. course content delivery; 

Stand-alone computer-based training vs. networked 
instruction; 

Synchronous sharing vs. asynchronous sharing; 
Commercial systems vs. academic systems; and 
Technical vs. legal means for securing intellectual prop- 
erly. 

Courseware vs. other content 
Authoring vs. Delivery 

Many uses of computers to facihtate education focus on 
providing authoring tools and authoring environments. For 



^0,014 Bl 

2 

instance, tools for authoring include tools for reformatting 
text into HTML format and adding hyperlinks; tools for 
integrating audio and/or video content with text content; and 
tools for creating interactive forms to obtain information 

5 from students and provide appropriate responses. In short, 
authoring tools help instructors create courseware content. 

By contrast, delivery tools help deliver courseware to 
students. In the case of "web -based training", "intranet - 
based learning", and "web courses", deUvery tools typically 

10 include TCP/IP networks and web browsers. Computer 
workstations themselves may also be viewed as delivery 
tools, particularly when the courseware is written to be used 
on a stand-alone computer rather than being delivered over 
a network connection. 

15 Many existing approaches to computer-aided teaching 
include both authoring and delivery components. However, 
the problems and solutions associated with authoring are not 
necessarily the same as those associated with delivery. The 
present invention is concerned primarily with delivery as 

20 opposed to authoring. 

Stand-alone vs. Networked Instruction 

Many computer-based training systems do not require a 
network Connection in order to function. All necessary 
courseware content is stored on a computer disk, CD-ROM, 

25 or other medium which is directly accessible to the computer 
being used by the student, making it unnecessary to send any 
content over a network connection. The tools and techniques 
for managing courseware content in such stand-alone sys- 
tems are basicaUy the same as the tools and techniques for 

3D managing application programs, operating systems, and 
other types of software installed on user workstations, 
namely written licenses, disk copy-protection schemes, 
license serial numbers, and the like. 
By contrast, network-based training approaches either 

35 take advantage of a network connection if one is available, 
or else they require such a connection. Different network- 
based systems use the network in different ways. Sometimes 
courseware content is stored on a server and deUvered over 
the network to users as needed. In some cases, part or all of 

40 the content is stored on the local network node but licensiiig 
is enforced through a server. For instance, the content stored 
locally might be encrypted, and the decryption key might be 
available only from the server and then only after the user is 
authenticated. Some network-based educational systems 

45 allow smdents to interact with one another and/or with the 
instructor through email or chat rooms. Some systems 
administer tests by having the student send test answers to 
a server, which grades the test and notifies the student of the 
results. Some systems provide instructors with access over 

50 the network to a database of administrative information such 
as student grades and a list of the students who have viewed 
a given lesson. Of course, many systems combine one or 
more of these features and some also use networks in other 
ways. 

55 The present invention is concerned with network-based 
courseware delivery systems, as opposed to stand-alone 
courseware delivery systems. 
Synchronous vs. Asynchronous Sharing 
Networked courseware delivery systems may share con- 

60 tent between multiple users synchronously or asynchro- 
nously. With synchronous sharing, users and/or instructors 
exchange information in a real-time or interactive way. 
Examples of synchronous sharing include telephone 
conversations, video conferencing, and chat rooms. By 

65 contrast, asynchronous sharing involves an exchange of 
information in which the participants expect substantial 
delays, or they involve a one-way flow of information rather 
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than an exchange. Examples of asynchronous sharing program in a directory. Further simple keystrokes, such as 

include downloading a previously created multimedia "copy C:/*.* A:/*.*" would direct the computer to place the 

presentation, listserv exchanges, and Usenet postings. Email new copies in a new physical location, perhaps copying 

does not fit neatly in either category, because it can be either everything from a disk directory in drive C to a portable disk 

synchronous or asynchronous in practice,. 5 in drive A. Even today most personal computers routinely 

Some aspects of the present invention are concerned with provide an environment that makes it relatively easy to copy 

asynchronous sharing, and in particular with asynchronous electronic information in the form of files, 

delivery of previously created courseware content. Of course, technical means are not the only way to protect 

However, other aspects of the invention are concerned with intellectual property rights; legal tools in the form of license 

synchronous information exchanges, such as funds transfers, lO agreements are widely used. Perhaps the most widespread 

Commercial Systems vs. Academic Systems license agreement is a single workstation agreement. In 

As noted, some courseware students attend traditional exchange for a license fee or an outright purchase price, a set 
institutions of higher education. In many cases, those stu- of disks or a CD-ROM containing digitized works and/or 
dents pay for their use of courseware by paying tuition to the executable code is transferred to the purchaser, often with 
institution. If the institution is not the owner of the 15 books and/or instructions on paper. Sometimes the works are 
courseware, the institution then makes separate arrange- transferred over a network such as the Internet in digital 
ments for payment to the owner. Likewise, students who are form. The purchaser is typically informed that the code or 
employees of a government agency or corporation generally information may be used an unlimited number of times on 
receive access to courseware through their employer without a single workstation or other computer- 
person ally making arrangements to pay the courseware 20 This approach worked fairly well in the day of the 
owner directly. In either case, at the time a student sits down stand-alone personal computer. It does require that the 
to actually use the courseware it may be necessary to producer of the code or other protectable work place some 
authenticate the student to the system but it is not necessary trust in the buyer, since the buyer often could copy the code 
for the student to provide a credit card number or similar or information onto more than one computer. The barriers 
payment mechanism. For convenience, courseware manage- 25 were mainly legal, not technical. In locations where intel- 
ment systems which do not require direct payment from lectual property was not a well-established and respected 
students are referred to herein as "academic systems". concept, widespread copying of information and executable 

By contrast, in "commercial systems" some provision code reduced income and profits to producers of computer 

must be made for funds transfer before a student is given full based information and applications by diverting income and 

access to courseware content (although a demo might be 30 profits to illicit "factories" which reproduced computer disks 

available at no charge). For instance, each student may be and CD-ROMs without permission from the rightful owner, 

required to provide a credit card number, to pre-pay for Many technical protection schemes were developed to 

access by giving cash or a check to an attendant, or to combat the ability of the market to reproduce information 

provide individual billing information if credit is being without payment to the owner. Some "copy-protection" 

extended. 35 schemes made it difiBcult to make copies, regardless of the 

The present invention is concerned primarily with com- legitimacy (e.g. for unauthorized resale versus for proper 

mercial courseware delivery systems as opposed to aca- backup) of the copies. 

demic courseware delivery systems. Other schemes defined zones of control on a CD-ROM 

Technical vs. Legal Security and made a "key** necessary to read the zones, For instance. 

As time passes, personal computers and other computa- 40 if a CD-ROM had 60O megabytes of information oh it, a 

tional devices are able to record into machine readable form person might buy the legal right to see, view, or use 100 

more and more complex presentations or experiences. For megabytes for $50.00. Information would be available in the 

example, personal computers in the 1980's mainly manipu- first 100 megabyte zone regarding the contents and cost of 

lated words, numbers, and characters; in the 1990 's manipu- information in the second or third 100 megabytes. For an 

lation of icons, images, audio and video has become com- 45 additional fee or fees, the viewer could obtain the key to 

monplace. The next step may include widespread use of additional segments of the CD-ROM. For instance, a second 

motion, as in simulators, and perhaps smell or other addi- $50 might buy the right to use the second 100 megabytes and 

tions. As the complexity of the process needed to place these a third $50 fee might permit the use of the third 100 

words, images, and other sensory experiences into machine megabytes. 

readable form inaeases, the value of computer software that so A problem with this approach (and with copy-protection 

presents these experiences increases. This increases in turn schemes) is that once a single purchase has been made of all 

the value of a security system which enforces courseware the information, or access to all the information on the disk 

license agreements. or CD-ROM has been obtained once, the information could 

Intellectual property rights are provided by copyright and be reproduced at will. An unauthorized factory could pro- 
other laws to encourage creative effort by artists, authors, 55 duce thousands of copies to be resold with no benefit to the 
and other people who create paintings, photographs, rightful owner of the intellectual property, 
animations, musical works, instructional texts, and other Similar problems exist with the site license approach to 
works. These works can be stored, presented, and utilized in protecting intellectual property. A licensed site such as a 
many ways. With the increasing availability of powerful corporation or a government agency obtains the right to use 
computers, many works that were traditionally available on 60 a program or digitized information from the intellectual 
paper, canvas, or tape are now stored in computer hard property owner, and is given a set of disks, CD-ROMs, or 
drives and computer RAM (random access memory), and file-server-based copies of the licensed work for authorized 
are displayed on computer monitors such as cathode ray tube internal use. The intellectual property owner relies upon the 
screens and liquid crystal displays. corporation or agency not to share the information or 

Early computers provided minimal technical security 65 program outside the bounds of the license. But the major 

means. On early personal computers, for instance, typing tool for enforcing the license agreement was not technical, 

"copy*.*" would direct the computer to copy every file or Instead, it was respect for the law and the agreement. 
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Unfortunately, some corporations and even some govern- One method of the invention operates in a network 

ment agencies were staffed, at least in part, by people willing containing a registration server, a content server connected 

to take home a copy of the software or other licensed work to the registration server, and several client workstations 

and share it or sell it to an illegal copying factory. connected to the content server After a user registers with 

Under a common relationship between works of intcUec- 5 the registration server and requests access, the content server 

tual property and the Internet, users view courseware and authenticates the request and serves the content to the client 

other information for free. The information is shared for free workstation for presentation to the user. Content may be 

because providing the information helps the work's owner moved by the system between content servers in response to 

sell a product, or saves the owner money by reducing actual or anticipated user requests, users may reserve 

technical support costs, for example. In the research courses for later viewing. If the target content server lacks 

community, huge sets of information are regularly room to receive the incoming content, the system makes a 

exchanged via file transfer protocol or other digital means, recommendation to the local administrator as to which 

Similarly, information in courses can be made available on content should be deleted from the content server in order to 

the web, and can be viewed via a browser. ^j^kc additional room. 

The present invention relates to protecting content both by Courseware and other content managed by the system 

technical means and by legal mechanisms. Although some 15 ^^^^^^ ^^^^ ^^^.^.^^^ portions" which have been 

mformation may be shared for free wuhm a system acc^^^ / unauthorized use and thereby 

mg to the mvenlion, much of the information available . *u . c , u * \ * * v,* • *k 

through the inventive system is provided only in exchange the Pf°'««'°n of intellectual property nghts in he 

for li^nse fees or the Uke paid by students or their employ- '«<=hnical means. For example, the treatmg step 

20 °^*y i^^rt disabhng code into an executable portion or 

Courseware v. Other Content courseware, may encapsulate the critical portion in a data- 

Those of skill in the art will recognize ±at many of the base table, may compress the critical portion, and/or may 

comments above apply not only to courseware, but also to encrypt the critical portion. In addition, the content server 

other types of digital content, including without limitation and/or client workstation may disable use of a critical 
musical recordings, visual images, and the like. Such con- 25 portion if an expected security handshake is not received, 

lent may appear as components of multimedia courseware, Caching and other disk writes at the client may also be 

but it may also be distributed independently of courseware disabled to prevent a permanent copy of the critical portion 

and/or for purposes other than education. As used herein, from being created at the client. To take advantage of low 

"content" includes both courseware and other kinds of cost telephone connections, part or all of the content may be 

digital content. downloaded to the client workstation one or more hours 

Additional Considerations before serving the critical portion. 

In addition to the considerations above, certain trends are monitors the connection between content 

worth notmg. Many courses are available on the web, yet in ^^^^^ ^^-^^^^ ^^^^^ ^^^^^^^ ^ ^^^^ 

general the more attractive the course is (visually, in activity, ^^^^^ Pre-existing works can be 

motion, video, sound, and so on the more time it takes to ^.JJ^^J^, being modified. In some cises, however, a 

refresh the computer screen at the user s workstation. To . j 1 • • • . j u i - 1 • 

i^LiK^aii ui^ ^ , ^, . ^ u A A.u ' metering security module is injected by linking or recom- 

reduce download time, more and more bandwidth is -i • * w j ui r r 1 4 

, - ' T^^^ /« 1 • ij * 1 u pilation into the machine readable form of a work that 

requested. Users go from a POTS ( plain old telephone ^ . , „ * . ui • * n ^, i * aaa- 

^ ,. ,r.T^xr 1- * 1- -.u • ■ contams legally protectable mtellectual property. Adding the 

system ) hne, to an ISDN Ime to a Tl line, with increasing . & J^t' t- t- j u u 

^ \ ' „ . ,r metenng secunty module alters the system, such as by 

costs at each stage. However, the cost of computer storage . ^ . « ; n * i 

J . ..1 A * u- J ui 1 40 mscrting disabling code, so that the system will not play or 

is droppine rapidly. As most machme readable classes ^ t. , ^. * . 1 * • •» ^ 1 • 

. u -i.^ - • *u *rp A display the content unless the metering security module is 

remain less than a meabyte in size, the cost of torward ^ f, . „ 1 • 1 j j- i ■ •* 

* ^f,/ ,1. 1 . operating. "Playmg a work includes displaying It, execut- 

stonne a machine-readable class to the personal computer . »• n • 1 *l • 

^ . , . . . , 1 J • •A^ mg It, digitally manipulating it, or otherwise performing an 

owTier wishmg to ake the class js droppmg rapidly. act governed by the license agreement or by relevant inlel- 

As the speed of market developments m the computer lec^al property law. Unless the metering security module is 

industry inaease, the delay and cost of obuming legal J ^nd authorizes the use. a monLr will not display 

remedies increase, and the technical ease of copymg and ^^^^^ ^^^^^^ ^^^^ ^^^.^^ 

distributing electronic information increases dramatically - . . * j j .- I* 

.V .. . , t ui • *u T . 4 ere will not play certam protected sounds, motion sunulators 

with the interconnections available via the Internet, ,11 ™i;^„o n^A f^^nu 

, - . J J will not perform certain protected motions, and so lorln. 

improved tools for managing courseware arc needed. r™ . • • r c.i. 

As discussed above, a wide range of computer-assisted so The user receives an invoice for use of the courseware or 

educational features and capabiUties have been explored, at ^^.^er content. A local admmistrator can be authonzed to 

least to some extent. However, existing approaches have adjust invoices m response to user requests. For instance, the 

been less successful! at combining these features and capa- admimstrator may determine that the user did not finish 

bilities into an architecture which securely and effectively question, or accidentally started the 
shares commercial courseware. Accordingly, it would be an 55 wrong course, and then reduce the charges on that basis^ If 

advancement in the art to provide an improved computer previously provided a credit card payment autho- 

architecture for sharing commercial courseware and other Pf^^^^^ P^^"^^"^ ^ ^"^^^ 

content over a network manager makes appropriate adjustments to the credit card 

charges. 

BRIEF SUMMARY OF THE INVENTION go ghort, the architecture of the present invention provides 
The present invention provides improved capabilities for improved security, efBciency, and convenience for the man- 
man aging courseware and other content in a shared use agemenl of courseware or other content in a shared operal- 
operating environment such as a computer network. In ing environment such as a networic or a collection of loosely 
particular, the invention provides a commercial networked coupled networks. For instance, additional security is pro- 
content delivery method and system which does not exclude 65 vided by separating registration information from content, 
synchronous sharing but is focused on asynchronous shar- by identifying and treating critical portions, and by moni- 
ing. to ring the connection over which content is supplied to a 
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client. Convenience and efiBciency are provided by optional 
early downloading, by reservation capabilities, and by a 
combination of automatic and local administrator control. 
Additional features and advantages of the present invention 
will become more fully apparent through the following 
description. 

BRIEF DESCRIPTION OF THE DRAWINGS 

To illustrate the manner in which the advantages and 
features of tile invention are obtained, a more particular 
description of the invention will be given with reference to 
the attached drawings. These drawings only illustrate 
selected aspects of the invention and thus do not limit the 
invention's scope. In the drawings: 

FIG. 1 is a diagram illustrating a network architecture 
according to the present invention, including a registration 
server, several content servers, and several clients. 

FIG. 2 is a diagram further illustrating a portion of the 
network architecture of FIG. 1, including a content server 
and several clients. 

FIG. 3 is a diagram further illustrating a registration 
server. 

FIG, 4 is a diagram further illustrating a content server. 
FIG. 5 is a diagram further illustrating a client of a content 
server. 

FIG. 6 is a flowchart illustrating methods of the present 
invention, including steps for providing enhanced security to 
protect intellectual property rights in critical portions of 
content. 

FIG. 7 is a flowchart illustrating methods of operation in 
the present invention, from the point of view of a courseware 
user. 

DETAILED DESCRIPTION OF THE 
PREFERRED EMBODIMENTS 

The present invention relates to methods, systems, and 
configured storage media for managing courseware and/or 
other content in a shared use operating environment. 
Courseware includes digital instructional and/or entertain- 
ment content in the form of software, digitized sounds, 
digitized images, digitized motion paths, digitized chemical 
compounds, and other works which can be transmitted over 
a computer network for presentation to a user and which 
contain intellectual property that is protectable by copyright, 
patent, trade secret, trademark, trade dress, moral rights, 
common law rights, contract, and/or other sources of legal 
authority. Courseware is sometimes referred to herein as a 
"course" or "class" or "work" or "content"; "content" and 
"work" are used interchangeably to describe material of 
which courseware is just one example. Specific examples of 
courseware and other content are given to illustrate aspects 
of the invention, but those of skill in the art will understand 
that other examples may also fall within the scope of the 
invention. 

A shared use operating environment is an environment in 
which more than one person can use content, without 
necessarily sharing a specific copy of that content, with the 
assistance of a computer network or a collection of coupled 
networks. As used here, "network" includes local area 
networks, wide area networks, metropolitan area networks, 
and/or various "Internet" networks such as the World Wide 
Web, a private Internet, a secure Internet, a value-added 
network, a virtual private network, an extranet, or an intra- 
net. 
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Overview of the Architecture 

FIG. 1 illustrates generally an architecture 100 of a shared 
use operating environment according to the present inven- 
tion. The architecture 100 includes at least three levels 

5 which are defined according to the functionality and data 
that are present and/or intentionally omitted from each level. 
Those of skill in the art will appreciate that the levels may 
be being named differently in various embodiments, but for 
clarity they are referred to herein as a registration server 

10 level 102, a content server level 104, and a client level 106. 
Hie registration server level 102 includes at least one 
registration server 108. The functionality and data associ- 
ated with the registration server(s) 108 are described in 
detail below. At this point, it is sufficient to note that each 

15 registration server 108 includes a remote registration man- 
ager and a registration database for new user registration, 
and that each registration server 108 is free of courseware or 
other deliverable content that is managed by the architecture 
100. In particular, courseware is not stored on the registra- 

20 tion server 108. 

The content server level 104 includes at least one content 
server 110. For clarity of illustration, three content servers 
110 are shown, but an embodiment of the invention may 
include one or more servers 110. Each content server 110 is 

25 linked by a link 112 for network conununications with a 
registration server 108. In an embodiment containing a 
single registration server 108, such as the embodiment 
illustrated, each content server 110 thus has a network 
connection 112 (or may readily obtain such a connection) to 

30 that registration server 108. In embodiments containing 
more than one registration server 108, di£ferent content 
servers 110 may communicate over one or more network 
links 112 with one or more of the registration servers 108. 
Each network link 112 may involve a dedicated link, a 

35 virtual circuit, a tunnel through one or more intervening 
networks, or one or more other types of network commu- 
nication links known to those of skill in the art. 

Each content server 110 contains courseware and/or other 
works managed by the architecture. Like the registration 

40 server 108, a content server 110 may also contain data which 
is not managed by the architecture and which is thus of no 
concern here unless it interferes with operation of the system 
100, Each content server 110 serves the managed content for 
presentation to registered users, that is, users who have 

45 previously been registered with the registration server 108. 
At a minimum, registration provides users with a unique 
user name or user ID; it may also coordinate a password or 
otherwise manage access control. With the possible excep- 
tion of registration for free demonstrations, which may be 

50 available in some embodiments, registration also obtains 
billing or payment information such as the user's credit card 
information, purchase order, and/or sponsor identity. 

The registration server 108 and the content server(s) 110 
may be implemented with a combination of computer hard- 

55 ware (e.g., disk or other non-volatile storage, RAM or other 
volatile storage, one or more processors, network interface 
cards, supporting I/O equipment) and computer software 
(e.g., operating system software, networking software, web 
browser software, and inventive software as described 

60 herein). In particular, suitable software for implementing the 
invention is readily provided by those of skill in the art using 
the teachings presented here and programming languages 
and tools such as Java, Pascal, C++, C, CGI, Peri, SQL, 
APIs, SDKs, assembly, firmware, microcode, and/or other 

65 languages and tools. A given computer may host several 
content servers 110, or it may host several registration 
servers 108, but a content server 110 and a registration 
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server 108 may not reside on the same computer because tially as described herein. As used herein, "executable" 

that would violate the requirement that registration servers includes "interp re table"; (executable code thus includes 

108 not contain courseware, compiled code as well as codes like Java byte codes or 

llie client level 106 includes at least one client worksta- interpreted BASIC statements, 

tion 114, and typically includes multiple workstations 114, 5 A Network of Registration Servers and Content Servers As 

Each client workstation 114 is connectable to a content noted, the network 200 involves at least one content server 

server 110 by a client-server network communications link level 104 computer and one or more client level 106 

116, such as a local area network link. At some point, each computers 114. Some of the characteristics of the network 

client workstation 114 is able to present, to at least one 200 may also apply to networks, such as that shown in the 

registered user, courseware and/or other content which is lo upper two-thirds of FIG. 1, which involve the registration 

served over the link 116 by the content server 110. The server level 102 and the content server level 104. 

content may be conventional content, or it may be modified For instance, the computers 108, 110 may be 

by treating critical portions as described herein, or it may be workstations, uniprocessor or multiprocessor servers, 

a combination of untreated and treated works. Although mainframes, or a combination thereof such as a cluster, 

clients 114 are referred to as workstations in deference to the 15 Nonvolatile storage such as a disk array and/or other devices 

expected typical situation, it will become clear that laptops may be connected to the computers 108, 110. The computers 

and other computers may also serve as clients 114. 108, 110 may be linked by communications or networking 

Registration servers 108, content servers 110. and clients software such as the software available from various ven- 

114 are further illustrated in FIGS. 3, 4, and 5, respectively, dors and may operate using TCP/IP and/or other protocols 

However, before describing those three Figures the relation- 20 over connections 112 that include data transmission "wires", 

ship between content servers 110 and clients 114 is dis- as described above. The computers 108,110 may likewise be 

cussed with reference to FIG. 2, and the relationship part of a network which encompasses smaller networks 

between registration servers 108 and content servers 110 and/or is connectable to other networks. Finally, the com- 

shown in FIG. 1 is described in greater detail. puters 108, 110 may be capable of using a drive or other 

A Network of Content Servers and Clients 25 means to read a configured storage medium 204. 

FIG. 2 further illustrates one of many possible client- One example of a network 200 suitable for a metered 

server networks 200 suitable for use according to the inven- security relationship is a network holding several thousand 

tion. The network 200 includes one content server 110 and machine readable courses. A conventional approach charg- 

four clients 114. Other suitable content-server-client net- ing one fee for unlimited use of each machine readable 

works 200 may contain other combinations of content 3D course by a single personal computer 114 or a single location 

servers 110, clients 114, and/or peer-to-peer nodes which (e.g., a corporation or agency) would be prohibitively 

perform as content servers 110 and/or clients 114 according expensive. In an embodiment according to the invention, the 

to the inventions with appropriate software, a given com- secured courseware or other content can be shared by 

puter may function both as a client 114 and as a server 110. various users, and each minute of use is counted and billed 

The computers 110, 114 connected in a suitable network 200 35 to the user or to the sponsor of the user (e.g., the corporation 

may be workstations, laptop computers, disconnectable or agency employing the user). Unlimited use is not 

mobile computers, uniprocessor or multi-processor required, and the license fee is reduced accordingly, 

machines, mainframes, so-called "network computers" or Registration Server 

"lean clients", personal digital assistants, or a combination FIG. 3 further illustrates a registration server 108. The 

thereof Nonvolatile storage 202, printers 40 registration server 108 includes at least a portion of a 

other devices may also be connected to the network 200. registration manager 300 and of a corresponding user reg- 

The network 200 may include communications or net- istration database 302. Collectively, the manager 300 and the 

working software such as the software available from database 302 form a registration module which provides at 

Novell, Microsoft, Artisoft, SCO, and other vendors, and least unique user IDs and user password support. The 

may operate using TCP/IP, SPX, IPX, and other protocols 45 registration module may also obtain and store in the data- 

over connections 116 that include twisted pair, coaxial, or base 302 information such as the identity of a corporate or 

optical fiber cables, telephone lines, satellites, microwave government sponsor that employs the user, and the user*s 

relays, modulated AC power lines, and/or other data trans- email address for use in notifications of upcoming services 

mission "wires" known to those of skill in the art. The or events. 

network 200 may encompass smaller networks and/or be 50 The proposed user ID and password are checked against 
connectable to other networks through a gateway or similar existing registration information in the database 302 to make 
mechanism. certain they are unique throughout the architecture 100 
As suggested by FIG. 2, at least one of the computers 110, embodiment. This provides security to users so that charges 
114 is capable of using a floppy drive, tape drive, optical for services will be valid and services cannot be stolen by an 
drive, magneto-optical drive, or other means to read a 55 unknown or duplicate user and then charged to the wrong 
storage medium 204. A suitable storage medium 204 user ID. Of course, users must still be careful to keep their 
includes a magnetic, optical, or other computer- readable own password information confidential and to choose pass- 
storage device having a specific physical configuration. words which are not simply a copy of their usemame or 
Suitable storage devices include floppy disks, hard disks, other easfly guessed information. User login and authenli- 
tape, CD-ROMs, PROMs, random access memory, and 60 cation tools and techniques familiar lo those of skill in the 
other computer system storage devices. The physical con- art may be used. 

figuration represents data and instructions which cause the Security is enhanced by making all new registrations go 

computer system to operate in a specific and predefined through the registration server 108. New user registration 

manner as described herein. Thus, the medium 204 tangibly information is processed on the registration server 108; user 

embodies a program, functions, and/or instructions that are 65 registrations cannot be created by any content server 110. 

executable by compute r(s) to assist content management The updated registration database 302 is replicated in a 

generally, and license enforcement in particular, substan- read-only format to content servers 110 so they can recog- 
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nize registered users, but a new user registration cannot be account to the service provider's account or the content 

created directly on a content server 110. One advantage of owner's account. 

this approach to users is that they need not repeat registration The funds flow manager 308 makes customer interactions 

information each time they log onto a client 114. Registra- with the system 100 faster and more effective. For example, 

tion database 302 replication may be performed using 5 upon first using the system 100, the user may provide a 

Oracle 8.0 enterprise software or other familiar means. billing code such as a corporate purchase order number or 

As illustrated in RGS. 3 and 4, in one embodiment of the credit card nmnber. Once this information is accepted by the 

architecture 100 a portion of the registration module resides funds flow manager 308, the user may make it the default 

on each registration server 108 and a portion resides on each payment option to be applied when logging out after future 

content server 110. Other embodiments may distribute reg- lo service purchases. 

istration module ftinctionality differently between the three The funds flow manager 308 may also provide a custom 

levels 102, 104, 106, subject to the appended claims. Those menu to users. For instance, the system 100 may be con- 

of skill in the art wiU readily implement the registration figured so that only courses approved by a particular entity 

manager 300 based on commercially available tools and are displayed if the user identified that entity as its sponsor 

languages such as C++ or Java and the description given 15 while signing on. If this same user wishes to see other 

herein. The database 302 may likewise be implemented as courses, the user may log out and then login again as an 

an Oracle database or in another familiar database format. In individual client, after which all courses available for indi- 

one embodiment, Java software in the registration manager viduals (whether employed by the sponsor in question or 

300 is used to write new user registration information to an not) wiU be displayed as possible selections. 

Oracle database 302. 20 The illustrated registration server 108 also includes at 

The registration server further includes a reservation least part of a content movement manager 310 which moves 

manager 304 and a reservation database 306. Collectively, courseware and/or other content to content servers 110 in 

the manager 304 and the database 306 form a reservation response to actual or anticipated requests from users for 

module which permits registered users to reserve access. As illustrated in FIGS. 3 and 4, in one embodiment 

courseware or other content. In combination with the funds 25 of the architecture 100 a portion of the content movement 

flow system described herein, the reservation module allows manager 310 resides on each content server 110 and a 

a user to book a guaranteed seat, a classroom, or another portion resides on each registration server 108. Other 

service, secure in the knowledge that it will be held for them embodiments may place aU content movement management 

until the specified time. In some embodiments, the funds functionality at the content server level 104. 

flow system will charge users for such guaranteed resource 30 The content movement manager 310 interacts with sched- 

rcservations regardless of whether the resource is actually uling software such as the reservation module and a launch 

used, because the resource was kept unavailable for use by manager 404 which is discussed below. When a user selects 

others. The reservation module can present a user with a courseware and/or other content for use at a given location, 

menu or a schedule of courseware presentation events in the scheduler determines whether the content is already 

various classrooms or other locations. It can also tell the user 35 resident on a content server 110 at or near the requested 

whether a given courseware event or piece of content is location. This determination may be made by reference to a 

available at a given time and whether a particular work is database which tracks content locations, or by making an 

already scheduled for use at that time. inquiry to the local content server(s) 110. 

Other embodiments may distribute reservation module If the content is not resident at the desired location, the 

functionality differently than shown between the three levels 40 scheduler places a call to the content movement manager 

102, 104, 106, subject to the appended claims. In one 310, The content is automatically packaged for shipment 

embodiment, the reservation module includes commercial from another content server 110 by FTP (file transfer 

off-the-shelf scheduling software provided by AC&E Ltd. of protocol) or other famfliar means, wifli appropriate encryp- 

ChantiUy, Va.; in other embodiments, other scheduling soft- tion and/or compression. The source content server 110 may 

ware may be used. The reservation manager 304 may also be 45 be a typical content server 110 as described above, or it may 

implemented using commercially available tools and Ian- be a master content server 110. Each master content server 

guages such as C++ or Java and the description given herein. 110 serves primarily as a content repository for other content 

The database 306 may be implemented as an Oracle data- servers 110, as opposed to serving primarily as a source of 

base or in another familiar database format. content for directly attached clients 114. 

The illustrated registration server 108 also includes at 50 The content movement manager 310 checks with the 

least part of a funds flow manager 308 which manages target content server 110 to determine whether sufficient disk 

content usage payment information. As illustrated in FIGS. space is available to receive the incoming content. If there 

3-5, in one embodiment of the architecture 100 a portion of is not enough space, the content movement manager 310 

the funds flow manager 308 resides on each client worksta- makes a recommendation to a local administrator regarding 

tion 114, a portion resides on each content server 110, and 55 which content to delete to make room for the incoming 

a portion resides on each registration server 108. Other content. The recommendation may be based on various 

embodiments may distribute funds flow management func- factors, including storage requirements and which 

tionality differently between the three levels 102, 104, 106, courseware at the target server 110 was used most recently 

subject to the appended claims. or is scheduled for use. For instance, if a course has not been 

The funds flow manager 308 accepts payment information 60 used for several months and has not been reserved, the 

such as a purchase order number or a credit card authori- content movement manager 310 is more likely to recom- 

zation. If payment is to be made by credit card, the funds mend that it be deleted than if it was used more recently or 

flow manager 308 places a hold with the credit card provider has been reserved. In one embodiment, the content move- 

or bank before the courseware and/or other content is ment manager 310 cannot delete content; only the local site 

presented. In connection with sending the user the final 65 administrator can. 

invoice, the funds flow manager 308 contacts the bank to Some embodiments of the architecture 100 include a 

transfer fiends from the user's account or the sponsor's backup registration server 108 which contains data mirrored 
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from the primary registration server 108 shown in FIG. 1. As Each illustrated content server 110 also includes a launch 

usual with mirrored systems, the backup server 108 will manager 404 for launching presentations of courseware 400. 

generally be in a different physical location than the primary The launch manager 404 coordinates initial activity such as 

server 108. Data mirroring tools and techniques familiar in course 400 selection by the user, any necessary course 4030 

the art may be used. 5 movement to bring the course 400 to the server 110 using the 

In addition to the functionality described above, the content movement manager 310, initializing security 

registration server 108 may provide advertising and other arrangements with the security manager 402, making the 

inducements for Web walkers and potential usere of the ^^^^^^^ connection 116 if necessary, and initiating presen- 

system 100 to become familiar with the system IM and to ^^^.^^ ^^^^^ ^ launching its executable portion 

cS^lnt SerTer'"^' ^ ^^'^^"^ '° downloading it to the client 114, for instance. In altema- 

HG° 4 ^rther illustrates a content server 110. The content embodiments the launch manager 404 hinctionality is 

server HO includes operating system software and network- ^ ^^'^^ °^ ^^"^y 

ing software, such as Windows NT operating system ^li, 

software, UNIX or Linux operating system software, Eth- Th« "^^^^^ manager 406 meters content usage. In some 
emet or NetWare networking software, and/or other soft- 15 embodiments, the metering manager also momtors the con- 
ware discussed in connection with FIG. 2. nection 116; in other embodiments monitoring is performed 

Unlike the registration server 108, the content server 110 by the security manager 402. Regardless, the metering 

contains courseware and/or other managed content 400. The manager 406 keeps track of elapsed time as a measure of the 

content 400 may take a variety of forms, including software, user's use of the content. A portion of the meter manager 406 

video, audio and other types of digital content. The content 20 resides on each client workstation 114 and a portion resides 

400 may also be treated according to the present invention on each content server 110. The two portions of the meter 

by identifying critical portions and providing enhanced manager 406 create a link which is carried over the con- 

security for those portions. Security for the content 400 as a nection 116. That is, the metering link rides on top of an 

whole is also provided by a security manager 402, which Ethernet or other conventional communications link, 

monitors use of the content 400. In the illustrated 25 In one embodiment, the meter manager 406 creates a start 

embodiment, a portion of the security manager 402 resides note (event) when courseware is successfully launched. The 

on each client workstation 114 and a portion resides on each meter manager 406 will associate this start note with a 

content server 110. In alternative embodiments, the security corresponding end note within one minute (or other defined 

manager 402 may reside entirely on the content server 110 interval) of the time the user chooses to finish this course 

or entirely on the client 114, 30 400 presentation. The difference in time between launching 

As illustrated, a portion of the registration manager 300 the presentation and finishing or interrupting the launched 

resides cn the content server 110. At the content server level presentation is the metered difference, which will serve as 

104, the registration manager 300 only needs to recognize the basis for the invoice presented to the user or to the user's 

registered users and provide them with access to content sponsor. 

400. New users are created at the registration server level 35 The meter manager 406 may track several open notes for 
102. In one embodiment, the registration manager 300 a given client 114, since clients 114 may use operating 
includes dynamic HTML and/or commercially available system software that allows several executables to run at the 
Oracle Web Application Server software, from Oracle Cor- same time. Metering statistics may be administered using an 
poration of Redwood Shores, Calif. Use of the Oracle Oracle database 408 or other database 408 to provide 
software may require that a portion of the registration 40 system-wide statistics and system-wide information reports, 
manager 300 also reside on each client 114 and/or on the In one embodiment, meter manager 406 records are con- 
registration server 108. structed in a format that allows their use in conjunction with 
Critical portions of the content 400 may reside in database a rate table, thereby allowing the funds flow manager 308 to 
tables managed by the security manager 402. For example, create an invoice based on both the particular content 400 
executable portions of content or synchronization inform a- 45 used and the elapsed time. 

tion for coordinating audio and video in content may be Every rate in the rate table may be associated with a 

stored in a database table. Database table names do not destination account, such as the account of a content 400 

necessarily reflect content in the sU^aightforward manner in vendor or the account of a con tent -providing site 200 

which more typical content file names can reflect file con- manager. The fiinds flow manager 308 supports automatic 

tent. Also, database tables may be difficult to access directly 50 payment using familiar and industry standard credit card 

through the file system; it may be necessary to go through payment methods. The funds flow manager 308 accepts 

the database management software. Accordingly, placing electronic billing information from the meter manager 406, 

content 400 in database tables tends to make it more difficult and accepts (electronically stored payment information such 

for unauthorized users to locate and use the content 400. as credit card numbers from the registration module. 

In addition, when content 400 is moved between com- 55 The meter manager 406 and/or security manager 402 
puters (be they clients 114, servers 110, or a mixture), provide several security features. First, the client 114 desk- 
critical portions of the content 400 may be divided between top is disabled so that the user can only obtain service 
two or more data tables so that theft of any single data table through the metered and monitored connection 116. Second, 
will not provide satisfactory service. As a further precaution, each element of potential service such as multimedia 
in one embodiment the security manager 402 sends one or 60 content, executables, and courseware tests, is; defeated so 
more critical portions of content (possibly in data table that its executable portion will not run even if it is located 
format) only to a client 114's volatile memory rather than by an unauthorized user. The executables are modified to 
sending all critical portions to nonvolatile memory such as require security handshakes from the meter manager 406 
a client U4 disk. Critical portions sent only to client 114 and/or security manager 402 so the service 400 will not 
RAM may be scrambled or erased when the client 114 shuts 65 operate at all, or will operate for only a limited period of 
down or is rebooted, making it even more difficult to make time, if the metered connection 116 or the meter manager 
illicit copies of the content 400. 406 and security manager 402 are not present. 
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In one embodimeoU the client 114 desktop will turn off if 
the meter manager 406 on the client 114 is not in touch with 
the meter manager 406 on the content server 110 on a 
minute-by-minute basis. For the convenience of the user and 
to ease administration of the system 100, the meter manager 
406 can be adjusted to invoke this "dead man's switch" at 
various time intervals other than one minute. An aggressive 
approach makes the workstation 114 freeze if a single 
minute passes with no contact. A more lenient approach may 
freeze Rinctionality within five minutes after the connection 
is lost. 

In one embodiment, the same polling software element in 
the meter manager 406 which triggers the dead man*s switch 
also provides a periodic update to the database 408 that is 
used by the funds flow manager 308 for billing. Each minute 
that the polling function of the meter manager 406 returns a 
message from the client 114 to the server 110 indicating that 
the user ID remains active on the client 114, the database 408 
is updated to reflect an additional minute of use for billing 
purposes. 

Polling updates each open request, such as each open 
courseware presentation. For instance, if in the first minute 
the user ID requests a login and then makes one open service 
400 request, an open event is updated for this user ID in the 
database 408 table for the time elapsed. If the same user ID 
then requests a second counseware 400 presentation, each 
courseware 400 event ID is associated with the login by this 
user and this client desktop 114, and two time events occur 
to update the database 408. Thus, subsequent courseware or 
other service offerings which are opened in the client 114 
browser 502 can be added to the time table in the database 
408 using the same polling function. The polling function 
operates similarly for sequential (as opposed to concurrent) 
activity. If the user ID for a given login closes a courseware 
presentation 400 or other event ID but retains the login, then 
while the login time continues to update (enabling billing for 
use of the personal computer 114), the first courseware 400 
offering will end and a new courseware 400 offering can 
begin during the same login session. 
Client 

FIG. 5 further illustrates a client 114. As noted above, the 
client 114 may be a client in the traditional server-client 
network sense (further configured to operate according to 
the invention), or the client 114 may be a node in a 
peer-to-peer network. The client 114 is always a client in the 
sense that it receives courseware 400 or another service from 
at least one content server 110. 

The client 114 includes operating system software and 
networking software 500 such as Windows 3.1, Windows 
95. Windows 98, Windows 2000, or Windows NT software, 
Ethernet software, and/or other software discussed in con- 
nection with FIG. 2. 

The client 114 also includes a browser 502, such as a 
Microsoft Internet Explorer or a Netscape browser, through 
which courseware and/or other content 400 is presented to 
the user. In addition, the registration module may be 
browser-based or Oracle-based and browser-transported, so 
that any client 114 which supports an Internet connection 
and a Web browser 502 can be used to contact the registra- 
tion server 108 to create a new user registration. 

As previously discussed, the client 114 receives 
courseware and/or other content 400 from the content server 
110. The content 400 may be provided in portions 504 which 
are defined in one or more of the following ways. First, 
portions 504 may be critical portions which have been 
treated for enhanced intellectual property protection as dis- 
cussed elsewhere herein. Second, the portions 504 may be 
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non-critical portions or a mixture of critical and non-critical 
portions, which are downloaded early in preparation for later 
presentation to the user. Early downloading may take advan- 
tage of the relatively low cost of telephone connections as 

5 opposed to other connections. Finally, content portions 504 
may be a mixture of critical and non-critical portions such as 
episodes or chapters in a presentation, which are sent from 
the content server HO to the client 114 in sequence as the 
user proceeds through the content 400 presentation. 

10 Other components of the client 114, including the security 
manager 402, meter manager 406, and funds flow manager 
308, are discussed elsewhere herein. 
Methods Generally 
FIGS, 6 and 7 further illustrate methods of the present 

15 invention. FIG. 6 illustrates generally intellectual property 
license enforcement methods of the present invention, while 
FIG. 7 illustrates operational methods of the system 100 
from the perspective of a courseware user. Although par- 
ticular method steps embodying the present invention are 

20 expressly illustrated and described herein, it will be appre- 
ciated that system and configured storage medium embodi- 
ments may be formed according to methods of the present 
invention. Unless otherwise expressly indicated, the descrip- 
tion herein of methods of the present invention therefore 

25 extends to corresponding systems and configured storage 
media, and the description of systems and configured stor- 
age media of the present invention extends likewise to 
corresponding methods. 
License Enforcement Methods 

30 In describing FIG. 6, an overview is provided first. Then 
the individual steps are revisited and discussed in greater 
detail. During an identifying step 600, at least one critical 
portion of the content 400 is identified; courseware is one 
example of the "work" referred to in the corresponding 

35 section of the *302 application to which the present appli- 
cation claims priority. The critical portion is separated, 
encapsulated, encrypted, compressed, created and added, 
and/or otherwise treated to enable enhanced protection dur- 
ing a treating step 602. 

40 At some later time, a user requests access to the treated 
content 400 during a requesting step 604. If the content is not 
already present on a local content server 110, it may be 
moved to such a server 110 during a step 606, The non- 
critical portion of the content may be downloaded to the 

45 user's location during an optional early downloading step 
608. 

The user's right to access the critical portion is verified 
during an authenticating step 610, a metering and monitor- 
ing step 612 is started, and the critical portion is then 

50 provided to the user during a monitored downloading step 
614. If the ongoing or recurring monitoring step 612 detects 
a violation of the license, a disabling step 616 occurs to 
prevent or inhibit further use of the treated content. Total 
license fees based on the metering are calculated and 

55 charged during an accounting step 618. Each of these steps 
will now be described in greater detail. 

During the identifying step 600, one or more critical 
portions of the content 400 are identified. The critical 
portions should be small enough for rapid treatment during 

60 step 602 and rapid downloading during step 614, but critical 
enough to make most users pay the hcense fees charged 
during step 618 rather than use only the non -critical por- 
tions. In a multimedia course, for example, critical portions 
might include executable files or the answers to interactive 

65 tests. If the executable is large, critical portions might be part 
of the executable such as a jump table or a proprietary 
dynamically linked library file needed to perform I/O opera - 
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tions. Critical portions may be preexisting elements of the such as the executable code, audiovisual synchronization, or 

content 400, or they may be created and inserted in the order of presentation could then be downloaded on an 

content 400. For instance, handshake code may be added to as-needed-and-still -authorized basis the next day during step 

an executable to require periodic successful handshakes with ^l^- 

a server 110; if the handshake fails, execution is aborted. 5 During the step 612. a timing meter is started in cases 

In content 400 that contains no executable computer code, where the license fee is not a flat per-use fee but is based 

but merely contains audio, visual or other data, critical instead on the connection time. Monitonng and metenng 

portions could be initialization or synchronization ^ ^^^'^'^ ^f^P^. ^^^er methods according to the 

r f . , . , ^ . ^„ *u/» mvention; monitoring is concerned primarily with prevent - 

information, or particular text or images that convey impor- • j l-i * • • j u • 

. - - . J • * . * ■ J. « ing unauthorized use, while metering is performed as a basis 

tant information to auserorprovade important entertamrnen id ,,1,^,^^ ^-^^^^ f,,,. Regardless, a system according 

value. Two of the many possible examples include a final invention starts monitoring the connection 116 to 

scene of a mystery in which the murderer is revealed, and a ^^^^^ ^^^^ authorized and to prevent attempts 

checklist summanzing the main steps in a diagnostic tech- obtain a complete copy of the content which is not 

nique being taught by courseware 400. protected by treatment of critical portions. In particular, 

During the treating step 602, critical portions of the 15 initial or further downloading of critical portions during step 

content 400 are treated to restrict their unauthorized use. ^14 \s not allowed (because part of disabling step 616 

Possible treatments include creating and inserting security occurs) if the monitoring step detects any of the following 

codes, separating pre-existing critical portions so they are conditions: 

not downloaded with the non-critical portions, encrypting 1. The user logged in is not an authorized user (step 604 

critical portions, compressing critical portions with a pro- 20 authentication failed); 

prietary method (which effectively combines compression 2. The user site is not at an expected, authorized network 

and encryption), and/or encapsulating critical portions. One 200 (IP or LAN or MAC or Ethernet and/or socket or 

form of encapsulation places the critical portion in a data- port) address; or 

base table, such as a relational database table in a commer- 3. The user site 114 failed to return an expected periodic 

cial database formal used by Oracle, Sybase, Informix, or 25 security handshake value. 

another familiar vendor. This has the advantage of making With further reference to the treating step 602 and the 

critical portions easier for the system 100 to track, and the monitoring and metering step 612, the present invention 

advantage of hiding critical portions from unauthorized allows an intellectual property owner to insert a meter and/or 

discovery by file system tools that rely on filenames, such as security code into any information set, executable 

directory listing and directory search tools. 30 application, image, video, or other computer based work 400 

The requesting step 604 may be performed using user containing intellectual property, and to require a permanent 

login procedures, courseware and/or content selection tools relationship between such works and the metering software 

such as menus, and network communication means and 406 which is located on a machine 110 remote from the user 

methods familiar to those of skill in the relevant arts, site 114. The relationship is preferably simple, lowering the 

including those discussed above in connection with FIG. 1 35 processor and bandwidth requirements of the network com- 

and/or FIG. 2. The user may also be asked for an account munication path 116 between the metering server 110 and 

password, a credit card number, or similar guarantee that the the user's site 114. The relationship ensures in most cases 

license fees for use of the content 400 have been or will be that a copy of the work 400 will not be fully available except 

paid. During the requesting step 604, the user is also shown for licensed time periods and at licensed user sites, 

the license agreement terms and conditions, and is then 40 In some embodiments, the content 400 has elribedded in 

asked to actively accept or decline being bound by the it a time stamp, a date stamp, a copy stamp, an Internet 

license agreement. Protocol ("IF') address stamp, and/or code enforcing a 

During a content moving step 606, content 400 may be requirement that the treated content only execute or display 

moved from another content server 110 (which may reside on the client 114 CRT when the computer 114 receiving the 

in another network 200 or which may be a repository content 45 copy is in a recognized relationship with the computer 110 

server 110 as discussed herein) to the local content server which sent the course. This relationship is via a POTS line 

110 which serves the client 114 that is being used (or that 116, or any telecommunications link 116 which provides 

will be used) by the user in question. This is accomplished constant or reliable presence. 

as described in connection with the content movement A constant or reliable presence allows a handshake once 

manager 310. 50 per configurable time interval or configurable repeated 

Content 400 which requires significant download time can event. The handshake verifies that the user computer 114 in 

be loaded eariy during the step 608, at least in part, to contact with the server 110 is still the same user computer 

minimize the delay experienced by users. As the cost of 114, using its IP address or the IP address of its gateway and 

telecommunications services has remained largely constant the password into the gateway required by its Internet 

over time, while the price of memory and computational 55 service provider. On a local area network 200, the handshake 

power have doubled in cost-effectiveness about every eigh- may use the LAN address. 

teen months, the invention allows one to reduce or eliminate In some embodiments, in addition to the consistent veri- 
the serving of machine readable classes in real-time over the fication that the content 400 is resident on the same user 
web or the Internet or from a file server. Instead, content 400 computer 114 connected via the same Internet service pro- 
is downloaded during step 608 using telecommunications 60 vider gateway IP address, both the server 110 with the meter 
connections which are slow but relatively inexpensive and 406 and the computer 114 with the content 400 have 
often billed according to a flat rate rather than connection identical "random" number generators. These random or 
time. pseudo-random numbers must match each interval, or at 
For instance, knowing that tomorrow is the first day of least be in the same order (it is understood that the content 
class in a new course, the multimedia sound and images in 65 recipient computer 114 may be hundreds of milliseconds 
the course 400 could be downloaded by students during the away from the server 110 when a connection required for a 
night before the course 400 is presented. Critical portions course 400 travel,, over part of the Internet). 
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The random number pairing is once per client-server pair gateway information, password information, and user ID 

114, 110; per workstation 114; or per connection U6, information on how the copies were made, what order the 

depending on the embodiment. In one embodiment, for copies were made in, and the time and date stamp of each 

example, each connection 116 spawned from a content copy of the content 400, The information can be maintained 

server 110 will have the same random paired number set, 5 in a circular buffer holding N records, with information for 

One set runs on the server 110, and the same set runs on each the N-plus-first copy being copied over the information 

user computer 114 which is receiving the content 400 related to the first copy so that the buffer file size remains the 

essentially simultaneously. To confirm that the sequence is same. 

the same, each computer 110, 114 has a daleAime stamp User View of Operational Methods 

program 402 running, and each date/time stamp must agree lo FIG. 7 illustrates methods for operating the architecture 

at least once per minute. Thus, any computer 114 presenting 100 from the point of view of a user. During a registering 

a course 400 in this way must reset its date/time clock to step 700, the user sits down at a client 114, locates the 

agree with the content server 110 date/time stamp. service provider Web site which is hosted by the registration 

In addition to, or instead of, metering content executables, server 108, and then provides registration information to the 

the present invention can also meter "data transfer 15 registration manager 300. Suitable registration information 

executables". Examples of data transfer executables include may include, for instance, the user's name, address, sponsor, 

applications used to operate or access video conferencing password (the password may also be generated by the 

cards, network interface cards. CD-ROM controllers, fax registration manager 300 rather than be provided by the 

systems, modems, and other data transfer devices that can be user), and payment information such as a purchase order 

used in multimedia, audio, or video presentations. For 20 number or credit card number. 

instance, the use of codec (compression-decompression) The registration manager 300 verifies that the usemame 

software and/or hardware which is used to transfer audio or and password are unique by checking the database 302, and 

visual data between data formats can be metered according then adds a new user registration record to the database 302. 

to the invention. Finally, the registration manager 300 notifies the user that 

Such metering and authentication systems and methods 25 registration is complete. If a sponsor was identified by the 

allow any course 400 to be downloaded lo the personal user, the registration manager 300 optionally also notifies a 

computer 114 of the person who will be taking the course course administrator at the sponsor by email. 

400. The user^s computer 114 may be located at the user's During an optional reserving step 702, the registered user 

place of employment or at the user's home or at a training reviews menus of available content and associated times and 

facility- An external hard drive can be rented with the course 30 locations, and places one or more reservations with the 

400 and authentication software mounted. This hard drive reservation manager 304. The reservation manager 304 

can be connected to a personal computer 114 running verifies availability and enters the reservation, using the 

Windows 95, Windows 2000, Windows NT, Macintosh, or reservations database 306. If a reserved course is subse- 

other familiar operating system software, via comm port one quently canceled, some embodiments of the reservation 

or the like (WINDOWS 95, WINDOWS 2000, and WIN- 35 manager 304 send a notice to the registered user by email. 

DOWS NT are marks of MiCTOsoft; MACINTOSH is a mark During a payment authorizing step 704, the registered 

of Apple). Any personal computer user not needing addi- user provides credit card information, and provided implicit 

tional hard drive space can simply make an FTP request, set or explicit authorization to bill the credit card for services 

up the request before going to bed, and find the course 400 provided. As noted above, this step may be part of the 

(or most of it if criticar portions are not available for early 40 registering step 700. The payment authorizing step 704 may 

downloading) available in the morning. By having much or also be performed later, if the necessary infonnation was not 

all of the course 400 available on his or her personal available at the time of beginning registration, for instance, 

computer 114, much or all of the course 400 will run at the or if the user wishes to identify a different credit card after 

speed of the backplane of that computer 114, which is often initially registering. 

substantially faster than an Internet or other network link 45 More generally, the method steps illustrated in the Figures 
116 transfer rate. and discussed in the text may be performed in various 
In one embodiment, the only infonnation going back and orders, except in those cases in which the results of one step 
forth via the Internet or via a POTS line connection 116 to are required as input to another step. For instance, a user 
the server 110 will be handshaking such as repeats of the IP must be registered in order to view courseware 400 except 
address of the gateway, pinging, and a stream of paired 50 to the extent that a particular embodiment provides demon- 
random numbers to authenticate that the content 400 was stration courseware at no charge to unregistered users, 
obtained from this server 110. Tile name and password of the Likewise, steps may be omitted unless called for in issued 
student will be sent each minute (or other predetermined claims, regardless of whether they are expressly described as 
interval) as well. Thus, each minute an IP address is sent, a optional in this Detailed Description, For instance, users 
name, a password, and a sequence of paired random or 55 who are sponsored by a corporation or agency need not 
quasi-random numbers. In well under one kilobyte of com- provide credit card information during a step 704. Steps may 
raunication data, the content 400 will be authenticated for also be repeated (e.g., running several courses), or combined 
another interval of use. As noted, the present invention (e.g., providing credit card information during registration), 
provides the ability to disable the courseware or other or named differently (e.g., running a course may be referred 
content 400 on the student's personal computer 114 when- 60 to as "receiving services"). 

ever the link 116 with the content server 110 is broken or During a login step 706, a registered user logs into the 

lost. content server 110. The initial login step 706 may be 

To assist in the apprehension of someone who attempts to performed automatically when the user first registers during 

violate the security system of the present invention, the step 700. Later login steps 706 may be performed each time 
security system will record where the copy was obtained. A 55 the user begins a new session at a client 114. During the 
series of copy locations hidden in the content 400, or similar login step, the user provides a usemame and password to the 
digital watermark information, maintain a record of IP security manager 402, which verifies that the corresponding 
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user record exists in the registration database 302 replica on 
the content server 110. 

In addition, if the user has indicated that payment will be 
by credit card, then the funds flow manager 308 checks the 
credit card and places a hold on the credit card for an amount 
which may depend on the prior history of the user, the user's 
sponsor, the courseware 400 requested, and similar infor- 
mation. In some embodiments, users are not allowed to 
complete the login process 706 unless the payment infor- 
mation provided by the user or by the user's sponsor has 
been accepted as valid by the funds flow manager 308. 

A user may wish to bill part of a sitting to one account, 
such as an individual account or a particular employer, and 
bill a second part of the same day's training to a second 
account. This may be achieved by logging in under the first 
account, receiving the first part of the desired services, 
logging out, and then logging in again with a different user 
ID and/or password before receiving the second part of the 
desired services. 

During a selecting step 708, the user may select one or 
more courses 400 to be presented at the client 114. In some 
cases, the course selection will already have been made by 
the user's sponsor. Courses 400 may be selected using 
menus and/or other user interface tools and techniques 
familiar in the art, which contain course 400 description, 
cost, and availability data copied from the reservation data- 
base 306. 

During a step 710, the course 400 is presented to the user 
at the client 114. This involves sending courseware content 
400 from the local content server 110 to the client 114 for 
viewing during a step 712 by the user. It may also include 
interaction between the user and other users and/or an 
instructor during a step 714. Interaction may be provided, 
for example, by using email, chat rooms, live audio, and/or 
live video carried over the network conncction(s) 116. In 
addition, during an optional step 716 the user may take one 
or more interactive tests or quizzes. These may be graded by 
courseware 400 which is resident on the workstation 114, or 
the user responses may be transmitted to the content server 
110 for grading there, with the results then being sent back 
to the client 114 and/or to the instructor. 

Presentation of courseware during step 710 may be inter- 
rupted by a step 718 in response to a key press, mouse click, 
or other action by the user. For instance, the user may decide 
not to continue the remainder of the presentation 400 at the 
present time, or may wish to terminate this presentation and 
start viewing a different course 400. The user may also 
simply want to take a temporary break, and then resume the 
presentation during a subsequent step 720. 

During a step 722, the user receives an invoice for 
services rendered. This may be done in conjunction with a 
logout during step 722, or logging out may be delayed until 
a step 726 in which the invoice is paid. From the system's 
point of view, once a user decides to log out, the meter 
manager 406 completes the database 408 time table for the 
user ID, including each event ID associated with each 
courseware offering, test offering or other service provided 
during the session. The funds flow manager 308 then uses 
the database 408 time table and the database 408 rate table 
to present an invoice on the computer screen in the browser 
502. 

The user may accept or decline the stated invoice. If the 
user accepts the invoice, the funds flow manager 308 in the 
content server 110 communicates that acceptance to the 
funds flow manager 308 in the registration server 108, which 
in turn contacts the bank to clear the hold previously placed 
during step 702, 704, 708 and have the bank apply the credit 
card charges to the user's card. 
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If the user declines the invoice, the user may seek an 
invoice adjustment during a step 724. The local network 200 
administrator tries to answer any questions the user has 
about the invoice and to obtain user acceptance of the 

5 invoice, possibly after an adjustment. The local network 200 
administrator or other local site personnel are authorized to 
make adjustments to the bill during step 618. Anew invoice 
amount will then be passed to the funds flow manager 308 
for credit card or other payment activity based on the 

10 payment terms presented during user registration and this 
particular session, and the results of any adjustment discus- 
sions. 

Additional Comments on Security 
In the architecture 100, security may be provided in 

15 several ways including those expressly noted above. Allow- 
ing one and only one person to have a given user ID helps 
ensure that persons who use content 400 are properly billed 
for such use, as noted above. But in addition, the user ID and 
the credit card information help protect the reservation 

20 module. If reservations were available without a credit card 
hold or similar protection, a malicious user could reserve 
seats in a network 200 (or even reserve all seats in the entire 
architecture 100) with no legitimate intent to use them. By 
requiring a credit card for reservation, the reservation mod- 

25 ule is protected because adequate credit must be available to 
pay for all reservations placed. 

Because content is not stored on the registration server 
108, security precautions can be taken that might not oth- 
erwise be avaflable. For instance, access to the home page 

30 can be disabled so that outsiders catmot input messages or 
modify HTML code on the registration server 108. Dynami- 
cally produced Web pages based on information provided by 
the user, and created by Oracle or similar software, arc also 
more difficult to modify than static HTML pages. Firewalls, 

35 encryption, and other means can also be used to protect 
credit card numbers of users in time-limited secure transac- 
tions without reducing security to allow continual 
courseware 400 usage from the same server 108. In one 
embodiment, the registration server 108 exports credit card 

40 information to other servers with heightened security; once 
the export is complete, the credit card information is deleted 
from the registration server 108. 
Summary 

The present invention provides systems, devices, and 

45 methods for technical enforcement of intellectual property 
right agreements. A security enforcer is inserted into deliv- 
erable content, or a smaU but critical portion of the content 
is treated to make it unusable without authorization (unable 
to execute, for instance), or both treatments are performed. 

50 A relationship over time is created between a meter and the 
treated (secured) content; without the relationship, use of the 
content is hindered or disabled. The critical portion is never 
placed in a user's persistent (nonvolatile) storage, such as a 
disk or tape storage, or alternatively is never placed in 

55 persistent storage in usable (Executable, runnable, viewable, 
legible, audible) fonn. At least part of the meter is remote 
from the user, being located on a network server 110 while 
the user uses a client computer 114. The meter is made 
unique to the content server 110, through the use of IP 

60 addresses, coordinated random numbers, and the like. The 
meter slops running, and the content stops being fully 
usable, if the client 114 is disconnected for longer than a 
predetermined period or if the security handshake fails for 
some other reason. 

65 As used herein, terms such as "a" and "the" and item 
designations such as "client" are inclusive of one or more of 
the indicated item. In particular, in the claims a reference to 
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an item means at least one such item is reqxiired. When 4. The computer architecture of claim 2, wherein critical 

exactly one item is intended, this document will state that portions of the content reside in database tables managed by 

requirement expressly. the security manager. 

The invention may be embodied in other specific forms 5. The computer architecture of claim 2, wherein the 
without departing from its essential characteristics. The 5 security manager is further characterized in that it sends at 

described embodiments are to be considered in all respects least part of a critical portion of content only to a volatile 

only as illustrative and not restrictive. Headings are for client workstation memory rather than sending it to a 

convenience only. The scope of the invention is, therefore, nonvolatile client workstation memory, 

indicated by the appended claims rather than by the fore- ^ computer architecture of claim 1, wherein the 
gomgdescnption. Mchanps which oome withm the mean- lo ^^^^^^^^^^ ^^^^ f^^her includes a reservation manager 

ing and range of equivalency of the claims are to be ^ reservation database which permits registered users to 

embraced within their scope. reserve content 

What is claimed and desired to be secured by patent is: ^_ * r ^ ■ ^ r t 

1. Amulti-levd computer architecture for managing con- . computer architecture of claim 6. further compris- 
tent in a shared use operating environment, the architecture 15 !"S a funds flow inanager for managing payment 
includine' information, wherein the reservation manager, the reserva- 

^' . . tion database, or both, operate with the funds flow manager 

a registration server level including at least one registra- ^^ -^^ registered users with guaranteed content reser- 

tion server, each registration server comprising a vations 

remote registration manager and a registration database g computer architecture of claim 1, further compris- 

for new user registration and each registration server 20 ^ ^^^^ managing content usage 

being further charactenzed in that it is free of content payment information. 

managed by the architecture; ^ computer architecture of claim 8, wherein a portion 
a content server level including at least one content server, of the funds flow manager resides on each client 
each content server linked for network communications workstation, a portion resides on each content server, and a 
with a registration server, each content server contain- portion resides on each registration server, 
ing content managed by the architecture, and each 10. The computer architecture of claim 1, further corn- 
content server being further characterized in that it prising a meter manager for metering content usage, 
serves such content only for presentation to registered The computer architecture of claim 10, wherein a 
users, namely, users who have previously been regis- portion of the meter manager resides on each client work- 
tered with a registration server; and station and a portion resides on each content server, 
a client level including at least one client workstation. 12. The computer architecture of claim 1. wherein the 
each client workstation connectable to a content server content comprises courseware. 

by a client-server network communications link, and 13. The computer architecture of claim 1, wherein each 

each client workstation being further characterized in content server further comprises a launch manager for 

that it presents to at least one registered user content launching presentations of courseware content, 

which is served over the client-server network com- 14. The computer architecture of claim 1, wherein each 

munications link by the content server. client workstation comprises a web browser through which 

2. The computer architecture of claim 1, further compris- content is presented. 

ing a security manager for preventing unauthorized use of 15; The computer architecture of claim 1, further com- 

the content. prising a backup registration server containing data mirrored 

3. The computer architecture of claim 2, wherein a portion from the registration server, 
of the security manager resides on each client workstation 

and a portion resides on ea(h content server. ***** 
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